wader / postfix-relay

Postfix SMTP relay docker image
https://hub.docker.com/r/mwader/postfix-relay/
MIT License

opendkim is not running #63

Closed ployt0 closed 1 year ago

ployt0 commented 1 year ago

I tried using the docker image for DKIM

At first I copied in my own private key. I could not get DKIM working. Now I'm not bothering to volume mount and instead copying the given DNS record to a new selector in my DNS zone.

opendkim appears to be down:

root@aaabbbccc:/# service postfix status
[ ok ] postfix is running.
root@aaabbbccc:/# service opendkim status
[FAIL] opendkim is not running ... failed!

If I don't volume mount, I can see a lot of processes:

UID          PID    PPID  C STIME TTY          TIME CMD
root           1       0  0 21:14 ?        00:00:00 /bin/bash /root/run
opendkim      38       1  0 21:14 ?        00:00:00 /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid
root         158       1  0 21:14 ?        00:00:00 /usr/lib/postfix/sbin/master
root         160       1  0 21:14 ?        00:00:00 rsyslogd -n
postfix      163     158  0 21:14 ?        00:00:00 pickup -l -t unix -u -c
postfix      164     158  0 21:14 ?        00:00:00 qmgr -l -t unix -u
root         165       0  0 21:15 pts/0    00:00:00 bash
postfix      179     158  0 21:22 ?        00:00:00 tlsmgr -l -t unix -u -c
postfix      252     158  0 21:29 ?        00:00:00 trivial-rewrite -n rewrite -t unix -u -c
postfix      253     158  0 21:29 ?        00:00:00 smtp -t unix -u -c
postfix      254     158  0 21:29 ?        00:00:00 bounce -z -n defer -t unix -u -c
root         256     165  0 21:30 pts/0    00:00:00 ps -ef

I can attempt to start opendkim but that only results in three log entries:

2022-10-16T21:31:48.586557+00:00 aaabbbccc opendkim[266]: OpenDKIM Filter: Unable to bind to port inet:12301@localhost: Address already in use
2022-10-16T21:31:48.588899+00:00 aaabbbccc opendkim[266]: OpenDKIM Filter: Unable to create listening socket on conn inet:12301@localhost
2022-10-16T21:31:48.589434+00:00 aaabbbccc opendkim[266]: smfi_opensocket() failed

There is an opendkim process, but the pidfile is wrong:

root@aaabbbccc:/# cat /var/run/opendkim/opendkim.pid
266

lsof returns nothing:

root@aaabbbccc:/# lsof -n -i :12301
root@aaabbbccc:/#

I installed iproute2 and ran this:

root@aaabbbccc:/# ss -lptn 'sport = :12301'
State                  Recv-Q                  Send-Q                                   Local Address:Port                                    Peer Address:Port                 
LISTEN                 0                       128                                          127.0.0.1:12301                                        0.0.0.0:*      

I'm using mwader/postfix-relay:1.1.8 and providing POSTFIX_myhostname=example.com and OPENDKIM_DOMAINS=example.com. Replacing example.com.

As I closed that container I notice:

^CStopping Postfix Mail Transport Agent: postfix2022-10-16T21:35:55.614971+00:00 7424cb1ab9a1 postfix/master[158]: terminating on signal 15
.
Stopping OpenDKIM: No /usr/sbin/opendkim found running; none killed.
opendkim.

wader commented 1 year ago

Hi, just for clarification, by "At first I copied in my own private key" you mean volume mounted a path from the host filesystem? And now without that volume it still does not work?

What path did you volume mount in the container? And how do you manage the container? I know for example that docker-compose can be tricky in some cases where volumes get persisted between image updates etc.

ployt0 commented 1 year ago

Hey. Correct. Correct.

No one said anything about docker-compose. I was just following your README:

docker run -e POSTFIX_myhostname=smtp.domain.tld mwader/postfix-relay

Where I mounted, when I mounted, is immaterial, as I have explained.

I am not going to be testing this for you any further. The same behaviour was observed in version 1.0.1.

hemberger commented 1 year ago

@ployt0 Please consider that not only is @wader providing and maintaining this software to you for free, they are offering to help you for free as well. I think people will be more likely to continue doing that if you treat them with dignity and respect. (I'm unaffiliated with this repo, and don't claim to speak for @wader, but I do appreciate their efforts.)

wader commented 1 year ago

Ok, but you did docker run with a volume path? What path? Please provide as many details as possible or, even better, reproduction steps.

ployt0 commented 1 year ago

Dude, you just established with or without volume path made no difference.

ployt0 commented 1 year ago

I didn't come here to argue and really really wish I never posted.

ployt0 commented 1 year ago

> @ployt0 Please consider that not only is @wader providing and maintaining this software to you for free, they are offering to help you for free as well. I think people will be more likely to continue doing that if you treat them with dignity and respect. (I'm unaffiliated with this repo, and don't claim to speak for @wader, but I do appreciate their efforts.)

He isn't providing me anything. Perhaps if it worked as advertised I'd have more unforced respect for it.

ployt0 commented 1 year ago

I have provided the bug report, the steps to reproduce and diagnose. I am not asking for anything. I didn't expect this to turn into a huge, hard to follow issue like all the others on here.

Closing by attrition.

wader commented 1 year ago

Sorry didn't intend to sound like arguing, just wanted clarifications.

So first you started a container using something like:

docker run -e OPENDKIM_DOMAINS=test.tldn -v /path/on/host:/etc/opendkim mwader/postfix-relay:1.1.8

Based on the ps output it looks like opendkim was started, and when I try the same I see similar ps output: opendkim plus some postfix processes.

I can reproduce the Unable to bind to port inet:12301@localhost: Address already in use log by trying to start opendkim, which I think is just because it's already running at that point.

For me the pid file /var/run/opendkim/opendkim.pid is correct and it gets stopped correctly. But I can reproduce the Stopping OpenDKIM: No /usr/sbin/opendkim found running; none killed. error by overwriting the pid file before stopping the container.

So in your case was opendkim started (and worked?) but for some strange reason the pid file gets overwritten?

Note that currently I'm not sure if it's possible to volume mount your own opendkim config, as currently opendkim will only be started if an OPENDKIM_DOMAINS environment is specified, which also means that the run script will poke around in /etc/opendkim, see https://github.com/wader/postfix-relay/blob/master/run#L4-L39. That should probably be documented and also maybe it should be possible to start opendkim anyways.

I also noticed that opendkim is currently unconditionally stopped even if not started by the run script at container stop, which might cause confusion.
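The pidfile mismatch discussed above can be checked directly. This is an added example, not part of the thread or of the postfix-relay project: a small script that compares a daemon's pidfile with the processes actually running. It assumes a Linux /proc filesystem; the function names are hypothetical and the default paths are the ones shown in the ps output earlier in the issue.

```sh
#!/bin/sh
# Added example: compare a daemon's pidfile with the processes actually running.
# Assumes a Linux /proc filesystem (true inside the container discussed here).

# Print the command name of PID, or nothing if the process is gone.
proc_name() {
    cat "/proc/$1/comm" 2>/dev/null || true
}

# Print the PID of every running process whose command name is NAME.
find_pids() {
    for _dir in /proc/[0-9]*; do
        [ "$(proc_name "${_dir#/proc/}")" = "$1" ] && echo "${_dir#/proc/}"
    done
    return 0
}

# Classify PIDFILE against NAME: missing | invalid | stale | mismatch | ok
pidfile_state() {
    [ -f "$1" ] || { echo missing; return 0; }
    _pid=$(tr -d '[:space:]' < "$1")
    case $_pid in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    _comm=$(proc_name "$_pid")
    if [ -z "$_comm" ]; then
        echo stale        # pidfile names a process that no longer exists
    elif [ "$_comm" != "$2" ]; then
        echo mismatch     # PID is alive but belongs to another program
    else
        echo ok
    fi
}

# Summarise both views; defaults are the pidfile path and name from this issue.
report() {
    _file=${1:-/var/run/opendkim/opendkim.pid}
    _name=${2:-opendkim}
    echo "pidfile: $(pidfile_state "$_file" "$_name")"
    echo "running: $(find_pids "$_name" | tr '\n' ' ')"
}

report "$@"
```

A result of `pidfile: stale` together with a non-empty `running:` list is the situation in this thread: the daemon is up, but the init script's status and stop commands follow the pidfile and report it as not running.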

ployt0 commented 1 year ago

More tests to illustrate the failure:

:/# opendkim-testkey -k /etc/opendkim/keys/silverbullets.co.uk/x.private -s x -d silverbullets.co.uk -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: key loaded from /etc/opendkim/keys/silverbullets.co.uk/x.private
opendkim-testkey: checking key 'x._domainkey.silverbullets.co.uk'
opendkim-testkey: key not secure
opendkim-testkey: key OK

Another symptom (I can't fix this one):

:/# opendkim-testkey -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: invalid data set type

Here's the cure:

:/# echo "TrustAnchorFile /usr/share/dns/root.key" >> /etc/opendkim.conf
:/# opendkim-testkey -k /etc/opendkim/keys/silverbullets.co.uk/x.private -s x -d silverbullets.co.uk -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: key loaded from /etc/opendkim/keys/silverbullets.co.uk/x.private
opendkim-testkey: checking key 'x._domainkey.silverbullets.co.uk'
opendkim-testkey: key secure
opendkim-testkey: key OK

At least I can send emails using DKIM now though.

wader commented 1 year ago

Ok, thanks for the reply. I don't know much about opendkim so not sure I can help much. Could the things the run script does cause those errors if they overwrote an already existing volume mounted config?

davordragic commented 1 year ago

I have similar problems.

The only difference is that adding TrustAnchorFile /usr/share/dns/root.key to /etc/opendkim.conf did not resolve any of my issues. I'm still not able to start the opendkim service:

OpenDKIM Filter: Unable to bind to port inet:12302@localhost: Address already in use
opendkim[791]: OpenDKIM Filter: Unable to create listening socket on conn inet:12302@localhost
opendkim[791]: smfi_opensocket() failed

And I still have opendkim-testkey: key not secure.

One thing I notice: permissions on the private key are 600; they should be 400 if not mistaken.